# NixOS boot hardening: shrink the kernel attack surface by keeping unused
# protocol, filesystem and test drivers from being loaded, and switch off boot
# features this machine does not use.
#
# Module blacklist rationale:
# https://madaidans-insecurities.github.io/guides/linux-hardening.html?#kasr-kernel-modules
#
# NOTE(review): a modprobe `blacklist` entry normally stops alias-based
# autoloading only; an explicit `modprobe <name>` by root still succeeds. The
# linked guide appears to use `install <name> /bin/false` rules instead.
# Confirm which guarantee is wanted here.
let
  # Obscure network protocols
  obscureNetworkProtocols = [
    "af_802154"
    "appletalk"
    "atm"
    "ax25"
    "can"
    "dccp"
    "decnet"
    "econet"
    "ipx"
    "n-hdlc"
    "netrom"
    "p8022"
    "p8023"
    "psnap"
    "rds"
    "rose"
    "sctp"
    "tipc"
    "x25"
  ];

  # Old, rare or insufficiently audited filesystems, plus ones the author
  # simply does not want loaded. Blocking these limits exposure to crafted
  # filesystem images (e.g. on removable media).
  # NOTE(review): newer kernels also ship a separate `ntfs3` driver that the
  # "ntfs" entry does not cover. Confirm whether it should be listed too.
  unwantedFilesystems = [
    "adfs"
    "affs"
    "befs"
    "bfs"
    "cramfs"
    "efs"
    "erofs"
    "f2fs"
    "freevxfs"
    "hfs"
    "hfsplus"
    "hpfs"
    "jffs2"
    "jfs"
    "minix"
    "nilfs2"
    "ntfs"
    "ocfs2"
    "omfs"
    "orangefs"
    "qnx4"
    "qnx6"
    "reiserfs"
    "sysv"
    "ubifs"
    "ufs"
  ];

  # Network filesystems - not used on this machine
  networkFilesystems = [
    "gfs2"
    "nfs"
    "nfsv3"
    "nfsv4"
  ];

  # Vivid driver: only used for testing purposes and has caused security
  # issues, so keep it from loading.
  testOnlyDrivers = [
    "vivid"
  ];
in
{
  # Start every boot with an empty /tmp.
  boot.tmp.cleanOnBoot = true;

  # Disable unused kernel modules (list order matches the original file).
  boot.blacklistedKernelModules =
    obscureNetworkProtocols
    ++ unwantedFilesystems
    ++ networkFilesystems
    ++ testOnlyDrivers;

  boot.kernelParams = [
    # Page allocator randomization.
    # Should harden the allocator and improve performance.
    # NOTE(review): presumably a no-op unless the kernel was built with
    # page-allocator shuffling support. Confirm against the kernel config.
    "page_alloc.shuffle=1"
  ];

  # Neither feature is used, so disable both.
  # NOTE(review): `kexec.enable = false` presumably only drops the NixOS kexec
  # tooling; whether the kexec_load syscall is reachable is governed by the
  # `kernel.kexec_load_disabled` sysctl. Confirm if blocking the syscall is
  # the goal.
  boot.kexec.enable = false;
  boot.bcache.enable = false;
}